Poland targeted by hackers after Ukraine cyberattack
Poland has raised its cybersecurity terrorist threat level after Ukraine suffered a major hack last week that took down several government websites. Poland’s Digital Ministry said yesterday that as of January 23, the country is currently at the lowest of the four potential terrorist threat levels for cybersecurity.
The Office of the Polish Prime Minister notes that during the attack, access to the Ukrainian platform “Diya” was disabled. Ukrainian officials told reporter Kim Zetter that dozens of systems in at least two government offices were destroyed in a cyberattack last week. U.S. President Joe Biden reacted strongly to reports of a wide-ranging cyberattack on Ukraine’s government systems. On Wednesday afternoon, the president told reporters that the U.S. would retaliate with cyberattacks if Russia attacked Ukraine’s digital infrastructure.
Last week, a cyberattack urged Ukrainians to “fear and expect the worst” as the country braces for a possible new military offensive from neighboring Russia. Recent attacks in Ukraine highlight the danger of cyber raids at the border, as the U.S. government warns all U.S. organizations, from small businesses to corporations and municipal governments, of a possible Russian retaliatory response to U.S. actions abroad.
According to the Washington Post, Russia has deployed more than 100,000 troops to the border with Ukraine.
According to Reuters, Ukrainian officials said nearly 70 government facilities were attacked, including the Security and Defense Council, the Cabinet of Ministers, and several ministries. On Saturday, dozens of computers linked to the Ukrainian government were infected with malware, rendering systems unusable.
The provincial government said an investigation into the case found that an unauthorized third party had access to the documents. However, it is still unclear whether the website defacement and the wiper attacks happened simultaneously. Due to security concerns, the Polish government did not disclose which cyberattack hit Polish institutions based in Ukraine in recent weeks. However, Cieszynski added that no such hacker attacks had happened in Poland as of Wednesday.
A Ukrainian security official attributed the attack to a Belarusian intelligence group. Deputy Secretary of the National Security and Defense Council of Ukraine Serhiy Demedyuk told Reuters that a hacker linked to the Belarusian government, UNC1151, was behind the malware attack.
European countries are not the only ones affected
The Saskatchewan government is reporting to the Saskatchewan Alcohol and Gambling Authority (SLGA) the risk of a Christmas cyberattack leading to the leakage of employee personal information. Independent cybersecurity experts have helped the regulator recover from the incident. Its distribution center has returned to full operations. At the same time, the U.S. government also warned companies to be wary of digital traffic from Ukraine and attacks from Russia.
The two documents, released this week following a series of cyberattacks in Ukraine allegedly carried out by Russia, suggest the same attack could also threaten U.S. systems. The White House national security memorandum signed today contains recommendations similar to those in the Cybersecurity and Infrastructure Security Agency (CISA) memo released yesterday. The agency said the recent malware attack in Ukraine underscores the “implications for the potential for damage to critical infrastructure.” In the U.S.,
The White House memorandum released today builds on an executive order signed last year to strengthen cybersecurity for the federal government. At the same time, the current administration has identified cybersecurity as a high domestic and international priority, the memo said this week. The release highlights the vulnerabilities of many critical networks.
The alert level, which will be in effect until the end of Sunday, comes after about 70 Ukrainian government websites, including several ministries, were hit by a large-scale cyberattack. In addition, a notification in Ukrainian, Russian and Polish appeared on the official website of the Ukrainian Foreign Ministry after the massive cyberattack.
The Ukrainian National Cybersecurity Focal Point has referred to the recent attacks as “Operation Blood Bear.”
It notes that some of the detected malware appears to be similar to other malware used in the massive attacks in 2017 that hit Ukraine harder than any other country.
Security researchers say they have found spyware from the notorious hacking firm NSO Group on the phones of two prominent Polish opposition figures. On Thursday, Citizen Lab, in partnership with the Associated Press, reported that between April 26, 2019, and October 23, 2019, Polish senator Krzysztof Brejza was hacked 33 times by NSO Group’s Pegasus spyware. In both cases, the attackers used military-grade spyware. In addition, digital investigators from Citizen Lab, which monitors the Internet at the University of Toronto, said the U.S. government recently blacklisted the Israeli firm NSO Group.
Citizen Lab cannot tell who ordered the hack. NSO does not identify its customers beyond saying that it only works with legitimate government agencies. Polish state security spokesman Stanislav Zarin neither confirmed nor denied that the government ordered the hacks or is NSO’s customer. In 2019, independent Polish broadcaster TVN uncovered evidence that the government’s anti-corruption agency had spent more than $8 million on phone spyware.
According to Citizen Lab, Pegasus was also used to hack into the phones of Polish prosecutor Eva Wrzosek and Roman Gertich, a lawyer for Brejza’s Civic Platform party. Both have joined the list of government critics worldwide whose phones have suffered interceptions using the company’s Pegasus product.
A global media consortium investigation found that Hungary used Pegasus to hack at least ten lawyers, an opposition politician, and several journalists.
According to Citizen Lab, Gertich was hacked at least 18 times in the last four months of 2019. Last year, anti-corruption officials ransacked Gertich’s home and office in a manner that a Polish court found illegal. The E.U. described how the Polish government is hostile to minded lawyers in politically sensitive cases as symbolic.
Gertich represented Sikorski in a case of illegal wiretapping. Conversations of former foreign ministers were recorded and published; Sikorski claims that the government did not investigate the possible involvement of Kaczynski’s allies. At the time, Gertich represented an Austrian property developer who claimed that Kaczynski attacked him. Poland’s most powerful politician strangled him when a deal to build two commercial towers in Warsaw collapsed.
Two years later, a prosecutor who defied the right-wing populist government’s attempts to purge the judiciary had his smartphone hacked. An outspoken member of the independent prosecutors’ union, Wrzosek learned that he had been hacked and tweeted about it. Last month, Apple sent out a notification to dozens of NSO-victimized iPhone users worldwide, including 11 employees of the U.S. State Department.
The hacks of their phones are the first two confirmed cases of military-grade Pegasus spyware being used against targets in Poland.
Nevertheless, the news of the hack in Poland is especially noteworthy, as human rights groups are calling on the 27-nation European Union to tighten export restrictions on spyware. For example, Pegasus spyware has links to Hungary, which, like Poland, has been condemned for undemocratic abuses.
Confirmed victims include Mexican and Saudi journalists, British lawyers, Palestinian human rights activists, U.S. heads of state, and diplomats living in Uganda. In July, Project Pegasus discovered spyware on the phones of at least 65 corporate executives. Based on evidence from Amnesty International, Citizen Lab, and Forbidden Stories, 85 human rights activists, 189 journalists, and 600 politicians were also affected. In addition, an Israeli spy agency used the program to hack into the phones of six Palestinian human rights activists.
However, Citizen Lab and Amnesty International researchers say NSO appears to be maintaining the infection infrastructure. Last month, a spokesman for Hungary’s ruling party acknowledged that the government had acquired Pegasus licenses.